CISPA Anyone? Exposing Pirates at The U.S. Government

Last week the privacy invasive CISPA bill passed the U.S. House of Representatives, taking it one step closer to becoming law. The proposed bill allows warrant-less spying by Internet companies on behalf of Government agencies. Turning the tables, TorrentFreak decided to "spy" on download and browsing habits at the House and other prominent Government institutions, using publicly available data.

Since the SOPA and PIPA uproar last year the Internet has become increasingly aware of the U.S. Government’s attempts at meddling with the web.

One of the bills currently meeting resistance, after it failed to pass last year, is the Cyber Intelligence Sharing and Protection Act (CISPA). Despite public protests the bill passed the House last week, and it’s now on its way to a Senate vote.

As the title suggests the main goal of the bill is to deal with “cybersecurity,” but with a lack of definition as to what that actually entails, this term is also one of its major weaknesses.

In short, CISPA would allow companies to spy on Internet users and collect and share this data with third-party companies or Government agencies. As long as the company states that these privacy violations are needed to protect against “cybersecurity” threats, they are immune from civil and criminal liabilities.

Critics of the bill point out that it would allow companies to spy on Internet users, and with flexible definitions of cybersecurity it could potentially be used to monitor the download habits of Internet subscribers.

A wide variety of citizen rights groups are continuing with anti-CISPA actions to prevent the bill from becoming law. Starting off today, Anonymous is holding a CISPA blackout with a few hundred websites participating. Undoubtedly other protests will make headlines in the weeks to come.

In light of the above, we thought that it would be interesting to turn the tables on some of the pro-CISPA forces. How would they like it if their download habits ended up exposed? And what if everyone could see their Google searches or the websites they visit?

As it turns out, no CISPA is needed to do the above. With help from BitTorrent monitoring company Scaneye and the privacy invasive ExtremeTracking service we found plenty of information to expose.

The House

Let’s begin the search with the House of Representatives, who voted in favor of CISPA. Data from public BitTorrent trackers shows dozens of House IP-addresses linked to pirated content. Below is a small selection of the alleged downloads we found.

Interestingly, no more downloads were recorded after November last year. While Scaneye only covers a small percentage of all BitTorrent downloads, the lack of hits may be the result of a new anti-P2P policy which also blocked Spotify on the Hill.

Aside from BitTorrent data it’s also possible to search for the browsing history of House staff. Through ExtremeTracking alone we found hundreds of hits, showing browser versions, screen resolutions, visited websites and search queries. To highlight one, here’s a House IP-address searching for an adult video site.

House IPs linked to piracy

The Senate

Next up is the U.S. Senate who will soon have to decide on the fate of the cybersecurity bill.

The Senate results mimic the House findings. Again there are plenty of employees who allegedly downloaded copyright material. Copies of recent TV-shows and movies are relatively popular.

The Senate’s browsing habits also reveal some information, and show that articles about Wikileaks revelations are on the public reading list.

Senate IPs linked to piracy

The CIA

Finally we took a look at the Central Intelligence Agency (CIA), one of the organizations which will use CISPA information. Gathering intelligence on the CIA is not as hard as it sounds, since their employees use public facing IP-addresses that can be directly linked to the agency.

Again, the BitTorrent tracker data mostly turned up pirated video content that were allegedly downloaded at the CIA, with some titles nicely fitting agency’s niche. Unlike at the congressional offices, we also saw some more recent hits.

Looking at their browsing data we found only a few hits for the CIA via ExtremeTracking. However, this does include a referral from a video store selling rather perverted material.

CIA IPs linked to piracy

The above is of course no argument against CISPA. Instead, it shows how much sensitive data is already out there. The question is, do we really want companies to have the ability to spy even more?

For those who want to learn more about CISPA and what action can be taken to stop it, FFTF and EFF are required further reading.

Finally, a word of advice to anyone who doesn’t want their private browsing and download habits out in the open, including Government workers. Get a VPN while you still can, or stop using the Internet altogether.